certfr_avis - certfr-2016-avi-196

CERTFR-2016-AVI-196

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans SCADA les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Siemens SIMATIC S7-300 versions V3.3.x antérieures à V3.3.12
Siemens	N/A	Siemens SIMATIC WinCC flexible versions antérieures à 2008 SP3 Up7
Siemens	N/A	Siemens SIMATIC S7-300 versions antérieures à V3.2.12

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens SSA-818183 du 08 juin 2016	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-526760 du 08 juin 2016	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-818183 du 08 juin 2016	-	other
Bulletin de sécurité SCADA Siemens SSA-526760 du 08 juin 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Siemens SIMATIC S7-300 versions V3.3.x ant\u00e9rieures \u00e0 V3.3.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens SIMATIC WinCC flexible versions ant\u00e9rieures \u00e0 2008 SP3 Up7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens SIMATIC S7-300 versions ant\u00e9rieures \u00e0 V3.2.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1358"
    },
    {
      "name": "CVE-2016-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3949"
    }
  ],
  "initial_release_date": "2016-06-10T00:00:00",
  "last_revision_date": "2016-06-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-818183 du 08 juin    2016",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-818183.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-526760 du 08 juin    2016",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-526760.pdf"
    }
  ],
  "reference": "CERTFR-2016-AVI-196",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSCADA les produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-818183 du 08 juin 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-526760 du 08 juin 2016",
      "url": null
    }
  ]
}

CVE-2015-1358 (GCVE-0-2015-1358)

Vulnerability from cvelistv5

Published

2015-02-18 02:00

Modified

2024-08-06 04:40

Severity ?

CWE

Summary

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.

References

URL

Tags

	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf	x_refsource_CONFIRM
	https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02	x_refsource_MISC
	http://www.securityfocus.com/bid/72625	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1036090	vdb-entry, x_refsource_SECTRACK
	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
          },
          {
            "name": "72625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72625"
          },
          {
            "name": "1036090",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036090"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
        },
        {
          "name": "72625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72625"
        },
        {
          "name": "1036090",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036090"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
            },
            {
              "name": "72625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72625"
            },
            {
              "name": "1036090",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036090"
            },
            {
              "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1358",
    "datePublished": "2015-02-18T02:00:00",
    "dateReserved": "2015-01-26T00:00:00",
    "dateUpdated": "2024-08-06T04:40:18.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3949 (GCVE-0-2016-3949)

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-06 00:10

Severity ?

CWE

Summary

Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets.

References

URL

Tags

	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036089	vdb-entry, x_refsource_SECTRACK
	https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:10:31.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf"
          },
          {
            "name": "1036089",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036089"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-10T14:06:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf"
        },
        {
          "name": "1036089",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036089"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf"
            },
            {
              "name": "1036089",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036089"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3949",
    "datePublished": "2016-06-27T10:00:00",
    "dateReserved": "2016-04-05T00:00:00",
    "dateUpdated": "2024-08-06T00:10:31.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2016-AVI-196

Vulnerability from certfr_avis

Solution

CVE-2015-1358 (GCVE-0-2015-1358)

Vulnerability from cvelistv5

CVE-2016-3949 (GCVE-0-2016-3949)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature